As needed, administrators can configure one or more authentication selector instances to evaluate conditions of the requests and define policies to route the request to a series of approved authentication sources or deny the request based on the results from the authentication selector instances, authentication sources, or both. Administrators can also reuse an authentication policy by ending it with an authentication policy contract or a local identity profile and then applying the authentication policy contract in multiple use cases.